Remove From My Forums

Multiple DC/DNS/DHCP servers

Question

0

Sign in to vote

Hi,

I have a scenario where there is one W2K3 server which is a DC, DHCP and DNS server. There is another W2K8 R2 server which is also has the DC, DNS, and DHCP roles. The W2K8 R2 server previously only had the DC role and the other two roles were added to provide some redundancy. We will be replacing the W2K3 server next month with a W2K8R2 server.

Currently, scavenging is not enabled. This is an AD environment and secure updates only are enabled. Most clients are Windows XP or Windows 7. There are some Layer 2 and 3 switches on the network as well.

I am concerned about stale DNS entries left behind by clients as they reconnect over time. I have read Ace's blog (http://msmvps.com/blogs/acefekay/archive/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group.aspx), and http://expresstaalk.blogspot.in/2011/09/dhcp-on-dns-scavenging-and.html. As our environment is mixed (Server 2003 and Server 2008 R2), I would really appreciate it if someone could please advise on the following:

From what I have understood, I need to carry out the following steps:

W2K3 DC/DNS/DHCP server: Create DHCP service credential and set DHCP service to use this, add the server to the DNSProxyUpdate Group. Enable DNS Option 81 by going to the Zone properties, DNS tab, and then selecting 'Always dymanically update DNS A & PTR Records', 'Discard A and PTR Records when lease is deleted' & 'Dynamicly Update DNS A and PTR Records for DHCP Clients that do not request updates'.

W2K8 R2 DC/DNS/DHCP server: Create DHCP service credential and set DHCP service to use this, add the server to the DNSProxyUpdate Group. Configure Name Protection, and secure the DNSUpdateProxyGroup by running 'dnscmd /config /OpenAclOnProxyUpdates 0 ' .

Will running 'dnscmd /config /OpenAclOnProxyUpdates 0 ' cause any issues given that the DNSProxyUpdate Group will also have the W2K3 server (with the DNS/DC/DHCP roles)?

Additionally, is there anything else I need to do/ look out for?

I also had a look at scavenging on the server and oddly enough, in the Zone Aging/ Scavenging Properties show the zone can be scavenged after 01/01/1601 00:00:00. Is this because scavenging has never been set?

Thanks,

HA

Tuesday, October 15, 2013 12:03 PM

Reply

|

Quote

Answers

1

Sign in to vote
Hi,

Based on your description, I think the configurations are good.

Using DNS servers with DHCP

http://technet.microsoft.com/en-us/library/cc787034%28v=ws.10%29.aspx

Regarding “01/01/1601 00:00:00”, based on my experience, it seems that it is due to scavenging is not enabled.

Don't be afraid of DNS Scavenging. Just be patient.

http://blogs.technet.com/b/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx

How DNS Scavenging and the DHCP Lease Duration Relate

http://blogs.technet.com/b/askpfe/archive/2011/06/03/how-dns-scavenging-and-the-dhcp-lease-duration-relate.aspx

Understanding Aging and Scavenging

http://technet.microsoft.com/en-us/library/cc771677.aspx

Thanks.
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.
- Marked as answer by Jeremy_WuMicrosoft contingent staff, Moderator Monday, October 28, 2013 2:40 AM
Wednesday, October 16, 2013 2:28 PM

Reply

|

Quote

Moderator

1

Sign in to vote
Hi HA,

Based on my knowledge, it will not cause any issue.

Thanks.
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.
- Marked as answer by Jeremy_WuMicrosoft contingent staff, Moderator Monday, October 28, 2013 2:40 AM
Wednesday, October 23, 2013 7:34 AM

Reply

|

Quote

Moderator

All replies

1

Sign in to vote
Hi,

Based on your description, I think the configurations are good.

Using DNS servers with DHCP

http://technet.microsoft.com/en-us/library/cc787034%28v=ws.10%29.aspx

Regarding “01/01/1601 00:00:00”, based on my experience, it seems that it is due to scavenging is not enabled.

Don't be afraid of DNS Scavenging. Just be patient.

http://blogs.technet.com/b/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx

How DNS Scavenging and the DHCP Lease Duration Relate

http://blogs.technet.com/b/askpfe/archive/2011/06/03/how-dns-scavenging-and-the-dhcp-lease-duration-relate.aspx

Understanding Aging and Scavenging

http://technet.microsoft.com/en-us/library/cc771677.aspx

Thanks.
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.
- Marked as answer by Jeremy_WuMicrosoft contingent staff, Moderator Monday, October 28, 2013 2:40 AM
Wednesday, October 16, 2013 2:28 PM

Reply

|

Quote

Moderator

0

Sign in to vote

Hi,

I would like to check if you need further assistance.

Thanks.
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

Monday, October 21, 2013 9:54 AM

Reply

|

Quote

Moderator

0

Sign in to vote

Hi Jeremy,

Thank you for your reply and apologies for not getting back to you sooner.

Just for clarification, running 'dnscmd /config /OpenAclOnProxyUpdates 0 ' will not cause any issues, given that one of the servers in the DNSProxyUpdate group will be W2K3? This server will be replaced in the coming weeks with a Windows Server 2008 R2 server.

Thanks,

HA

Tuesday, October 22, 2013 11:29 AM

Reply

|

Quote

1

Sign in to vote
Hi HA,

Based on my knowledge, it will not cause any issue.

Thanks.
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.
- Marked as answer by Jeremy_WuMicrosoft contingent staff, Moderator Monday, October 28, 2013 2:40 AM
Wednesday, October 23, 2013 7:34 AM

Reply

|

Quote

Moderator

0

Sign in to vote

Hi,

We have not heard from you in a couple of days.

Please post back at your convenience if we can assist further.

Thanks.
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

Saturday, October 26, 2013 4:57 AM

Reply

|

Quote

Moderator

0

Sign in to vote

Hi Jeremy,

Just wanted to say thanks. You were very helpful.

Kind Regards,

HA

Thursday, October 31, 2013 1:47 PM

Reply

|

Quote

0

Sign in to vote

Hi Jeremy,

I tried this in a lab with 2 W2K8 R2 serversw that are DHCP/DC/ DNS and it partially works if I don't enable name protection (Option 181, DHCP credentials, etc are all done). The moment I turn on name protection, the DHCP clients start getting registered as the owners of their records rather than the dhcp credential. Can you please advise?

Furthermore, after turning off name protection, even though I have the option 'Discard A & PTR Records when lease is deleted' , the records don't get deleted after the lease is deleted.

Thanks

HA

Friday, November 22, 2013 4:47 PM

Reply

|

Quote

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Answered by:

Multiple DC/DNS/DHCP servers

Question

Answers

All replies